Detection risk is the chance that an auditor will fail to find material misstatements that exist in an entity’s financial statements. These misstatements may be due to either fraud or error. Detection risk may result in an auditor giving an inappropriate opinion, such as a clean/unmodified opinion on materially misstated financial statements.
Detection risk is one of the three elements that comprise audit risk, the other two being inherent risk and control risk. The auditor is responsible for managing detection risk. The level of detection risk can be reduced by conducting additional substantive tests, as well as by assigning the most experienced staff to an audit.
Contents
Audit Risk Model
The audit risk model is a tool that auditors use to assess the level of audit risk and to plan the appropriate audit procedures. The audit risk model can be expressed as follows:
$$Audit Risk = Inherent Risk \times Control Risk \times Detection Risk$$
Inherent risk is the susceptibility of an account or a class of transactions to material misstatement, either individually or when aggregated with misstatements in other balances or classes, assuming that there are no related internal controls.
Control risk is the risk that a material misstatement that could occur in an account or a class of transactions will not be prevented or detected and corrected on a timely basis by the entity’s internal control.
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Inverse Relationship between Detection Risk and Substantive Procedures
Substantive procedures are the audit procedures designed to detect material misstatements at the assertion level. Substantive procedures include tests of details and substantive analytical procedures.
The acceptable level of detection risk is inversely related to the assurance required from substantive procedures. This means that the lower the detection risk, the higher the assurance required from substantive procedures, and vice versa.
For example, if the auditor assesses a high level of inherent risk and control risk for a certain account or class of transactions, this means that there is a high possibility of material misstatement in that account or class of transactions. Therefore, the auditor needs to reduce the detection risk to a low level by performing more extensive and effective substantive procedures to obtain sufficient appropriate audit evidence.
On the other hand, if the auditor assesses a low level of inherent risk and control risk for a certain account or class of transactions, this means that there is a low possibility of material misstatement in that account or class of transactions. Therefore, the auditor can accept a higher level of detection risk by performing less extensive and effective substantive procedures.
The inverse relationship between detection risk and substantive procedures can also be expressed as follows:
$$Detection Risk = \frac{Audit Risk}{Inherent Risk \times Control Risk}$$
This formula shows that detection risk is determined by dividing audit risk by the product of inherent risk and control risk. Therefore, if audit risk is constant, detection risk will vary inversely with inherent risk and control risk.
Conclusion
The acceptable level of detection risk is inversely related to the assurance required from substantive procedures. This means that the auditor needs to adjust the nature, timing and extent of substantive procedures according to the assessed level of inherent risk and control risk for each account or class of transactions. The auditor’s goal is to lower the detection risk sufficiently for overall audit risk to maintain an acceptable level.
